Tag: JavaScript

Development

One to watch?

Sun is proposing an alternative to AJAX, called Project Flair, which is set for early release later this year. In an InfoWorld article, Sun engineer and principal investor Dan Ingalls describes it as being more like the old style of desktop application programming (using a JavaScript programming kernel) that adds collaboration and web access.

How this actually ends up performing is anyone’s guess, but I’ll be keeping an eye out for it.


JavaScript

Web 2.0 Attack – AJAX Vulnerable to JavaScript Hijacking

A white paper from Fortify Software outlines a major Web 2.0 vulnerability. According to the white paper, all current frameworks that use JSON for data communications are vulnerable. They have released the information to all the major framework developers so that this can be addressed within the AJAX frameworks. They noted, however, that one quarter of the participants in an AJAX survey hosted by Fortify did not use any framework at all. Fortify recommend a two-pronged mitigation approach:

  • Include a hard-to-guess identifier, such as the session identifier, as part of each request that will return JavaScript. This defeats cross-site request forgery attacks by allowing the server to validate the origin of the request.
  • Include characters in the response that prevent it from being successfully handed off to a JavaScript interpreter without modification. This prevents an attacker from using a <script> tag to witness the execution of the JavaScript.

Computer Business Review has a more extensive write-up available.
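Both mitigations side by side, as an added example that is not code from the Fortify paper or from any framework. The function names, the `x-session-token` header and the `while(1);` guard are assumptions chosen for illustration, and the session token and contact data are constructed.

```javascript
// Added example; every name below is hypothetical, not from the Fortify paper.
const GUARD_PREFIX = 'while(1);'; // a <script> include spins here and never reaches the data

// Compare strings without returning at the first mismatching character.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side: `session` is the server's own state, `request` is what arrived.
function handleJsonRequest(session, request, data) {
  // Mitigation 1: require the per-session secret in the request itself.
  // Assumption: it travels in a custom header, which a cross-site <script src>
  // cannot set; a cookie alone proves nothing because the browser sends it anyway.
  const supplied = request.headers['x-session-token'];
  if (!session || !session.token || !safeEqual(supplied, session.token)) {
    return { status: 403, body: '' };
  }
  // Mitigation 2: the body is not usable by an interpreter without modification.
  return { status: 200, body: GUARD_PREFIX + JSON.stringify(data) };
}

// Client side: same-origin code can read the raw text, so it strips the guard.
function parseGuardedJson(body) {
  if (!body.startsWith(GUARD_PREFIX)) throw new Error('guard prefix missing');
  return JSON.parse(body.slice(GUARD_PREFIX.length));
}

// Constructed sample data for a stand-alone run.
function demo() {
  const session = { token: 'constructed-sample-token-4f1d9a' };
  const contacts = [{ name: 'Example User', email: 'user@example.com' }];
  const forged = handleJsonRequest(session, { headers: {} }, contacts);
  const legit = handleJsonRequest(
    session, { headers: { 'x-session-token': session.token } }, contacts);
  return { forged, legit, parsed: parseGuardedJson(legit.body) };
}

console.log(demo());
```

The request without the token gets an empty 403, and the legitimate response only becomes data after the same-origin client removes the guard.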


Browsers

Bookmarklet and Google Gadget for etymonline.com

I ran across the Online Etymology Dictionary the other day and was blown away by the well-designed and incredibly useful service they offer. Of course, it’s much nicer to have access to that functionality at a click, so of course I created a Firefox/Mozilla bookmarklet. But I wanted to have the same thing available on my Google homepage, right next to the Dictionary search box and the Wikipedia search box, so I created a “Google Gadget” for it as well.

To use the bookmarklet, drag the link below into your Firefox/Mozilla bookmarks bar.

Find Etymology

To use the “Google Gadget” go to your Google homepage, click on the “Add Stuff” link, click on “Add by URL” and enter http://www.evardsson.com/files/gg_etymonline.xml

Enjoy!


CSS

Peter Nederlof’s whatever:hover to the rescue!

Well, I found a way to do CSS2 drop-down menus and force IE to accept them. It takes a little bit of JavaScript madness created by Peter Nederlof called whatever:hover, which forces IE to accept the :hover pseudo-class for any element (as is the spec for CSS2).

While it uses IE specific tricks to make it work, it can be done in such a way as to not break in other browsers. (In other words, the changes are only applied if the browser is IE.)

There is a handy tutorial at SEOConsultants that was incredibly helpful.

Firefox

Mozilla / Firefox bookmarklet for similicio.us

If you haven’t yet heard, there is a nifty new site, similicio.us, that helps you find sites similar to what you are currently looking at. As the site author puts it:

This is a mashup of del.icio.us and easyutil.com. It’s an experiment on my part to see whether I can quickly find relevant web sites based on people’s tags/bookmarks on del.icio.us, using the engine from easyutil.com. It answers the question “people who tagged this site also tagged what other sites”. I am using it mostly to find blogs that are similar to the ones I read, and to find new popular web sites that are in my area.

To make things easier I have created a Mozilla / Firefox bookmarklet. To add this just click and drag the link below to your bookmark bar.

Search similicio.us

JavaScript

Web-based editing with TinyMCE

While it’s not specific to PHP, I have found what is perhaps the best web-based WYSIWYG editor going: TinyMCE. The only reason I am mentioning it here is because of the framework I built behind it.

The goal was to build an admin page for “blosxom-ish” blogs (like Blosxom, pyBlosxom, phpBlosxom, etc) that use text files for entries. The initial idea was to do it in Python/PSP using mod_python. I quickly abandoned this for the following reasons:

  1. No matter what I tried, I could not get the PSP include directive to work.
  2. The mod_python PSP documentation is sparse and generally not helpful.
  3. I wanted to bang it out and get it done, and I am already familiar with PHP enough to be comfortable with it.

I do have plans to re-implement in a Python cgi-style format, and will offer it to the community at large at that time, but until then this version seems to be working ok for me (at least at the moment).

If you would like a copy of the source for this (WARNING! It is not commented and seriously shows the signs of being hacked out in one evening!) drop me a line and let me know.

By the way: I almost forgot the important part. What is it that makes me think TinyMCE is the best web-based WYSIWYG editor? The fact that it generates <p> tags for paragraphs (rather than stuffing in a couple <br>s), uses <strong> and <em> rather than <b> and <i>, has a working link and image insertion tool, a preview button, and it applies itself to all the textareas in a form page without jumping through a bunch of hoops with id and style attributes. Generally it produces valid HTML 4.0 Transitional. (I think it could be tweaked to produce valid XHTML 1.x Strict, though.)

So what could be tweaked?

  • The “tidy” tool doesn’t strip out the M$ Word class="MsoNormal" attributes when pasting from Word.
    • Possible fix for now: strip those out in the back-end processing.
    • Long-term fix: find the JavaScript code that does the tidying and add the logic to delete the Mso* attributes.
  • It uses <font> tags rather than <style> tags to apply color and font-face changes.
    • Possible fix for now: replace the <font color="#??????"> tags with <span style="color:#??????;"> in the backend.
    • Avoid using font face changes and allow the CSS of the site that is going to be displaying the page to handle it.
    • Long-term fix: find the JavaScript code that produces the font tags and replace it with span.

Overall, it does what it says, and that makes it another of those things that I like: stuff that works!